MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ee24b9e9980a7ef84a91562c3f784031d4ca67852148aa287d16cdc73e39dd5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 8ee24b9e9980a7ef84a91562c3f784031d4ca67852148aa287d16cdc73e39dd5
SHA3-384 hash: 450634af0be3056c313df27d6746ffcc5dce20d3f3af8411667133f391446e1e515df635d84dc4d626cd7f669654655a
SHA1 hash: b85113ee0520d34c11d8032f748f1a3370b3b8c2
MD5 hash: 21881ac9ed9a8a33f835dad94c1d9520
humanhash: uranus-utah-triple-emma
File name: PO 20200817.rar
Signature: Loki
File size: 972'013 bytes
First seen: 2020-08-18 08:48:47 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 24576:cfPvZBBlyHQuYNfZ0aWqdgr4FcBRCBv8KXWeoNPX/tMLETC:WdyLkxWWF1cR/2LZ
TLSH: 3A253389CFD0B03E47E9D52576429C245DF707B4F470E6A89B8396FFAA492138F0E894
Reporter: abuse_ch
Tags: Hostwinds Loki rar


abuse_ch
Malspam distributing Loki:

HELO: hwsrv-764557.hostwindsdns.com
Sending IP: 104.168.211.183
From: ASML Groups <info@misermeogy.com>
Subject: PO from Felix Luuk
Attachment: PO 20200817.rar (contains "PO #20200817.exe")

Loki C2:
http://rarlab.gq/comic/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Backdoor.Androm
Status: Malicious
First seen: 2020-08-18 08:50:08 UTC
AV detection: 7 of 48 (14.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 8ee24b9e9980a7ef84a91562c3f784031d4ca67852148aa287d16cdc73e39dd5 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
